The Ethical Hacker Network - 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

Home

Calendar

Certifications

Latest Additions

EH-Net Login

Welcome Guest.

Lost Password?

No account yet? Register

Who's Online
We have 58 guests and 3 members online

EH-Net News Feeds
Latest Additions

You are here: Home

Forum

Resources

News from the Outside World

0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

EH-Net

May 25, 2012, 11:35:24 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.

Home

Help

Calendar

EH-Net > Resources > News from the Outside World (Moderator: don) > 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

Pages: [1] 2 Go Down

« previous next »

	Author	Topic: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased (Read 20609 times)
0 Members and 5 Guests are viewing this topic.

vijay2

Full Member

Offline

Posts: 220

0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« on: September 08, 2009, 07:57:52 AM »

For more info

http://g-laurent.blogspot.com/

Looks like a Metasploit module will be added soon for this bug.

http://isc.sans.org/diary.html?storyid=7093&rss

Stay tuned


« Last Edit: September 08, 2009, 08:38:57 AM by don »	Logged

GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

nightmare44

Newbie

Offline

Posts: 10

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #1 on: September 08, 2009, 08:41:01 AM »

Tested it this morning on my BT VM and works perfectly


	Logged

Jhaddix

Sr. Member

Offline

Posts: 317

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #2 on: September 08, 2009, 08:51:59 AM »

nice....


	Logged

GSEC, GPEN, GWAPT, ECPPT, WAHHlive, LSOAdvancedPenTester

http://www.securityaegis.com
http://www.pentesterscripting.com
http://code.google.com/p/pentest-bookmarks/

nightmare44

Newbie

Offline

Posts: 10

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #3 on: September 08, 2009, 08:57:26 AM »

MetaSploit module:

http://pastie.org/609407

Also be sure filesharing is enabled in Win7/Vista in Network Connection Center for it to work.


	Logged

Manu Zacharia (-M-)

Sr. Member

Offline

Posts: 393

c0c0n Hacking Conference - where hackers unite

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #4 on: September 08, 2009, 12:55:26 PM »

Tested and working perfectly fine -

Just made a Video capture - (very low resolution - mobile capture) http://www.youtube.com/watch?v=gG1g7f2EKjw


	Logged

Manu Zacharia
MVP (Enterprise Security), ISLA-2010 (ISC)², C|EH, C|HFI, CCNA, MCP,
Certified ISO 27001:2005 Lead Auditor

There are 3 roads to spoil; women, gambling & hacking. The most pleasant with women, the quickest with gambling, but the surest is hacking - c0c0n

ethicalhack3r

Full Member

Offline

Posts: 139

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #5 on: September 08, 2009, 01:13:35 PM »

Works on local machine too. Time to BSOD my girlfriend all night! Grin


	Logged

xXxKrisxXx

Sr. Member

Offline

Posts: 491

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #6 on: September 08, 2009, 01:35:20 PM »

Metasploit guys already added it into the framework. Tested it on my Vista box - works like a charm.

smb2_negotiate_pidhigh.rb
http://www.anonym.to/?http://trac.metasploit.com/browser/framework3/trunk/modules/auxiliary/dos/windows/smb/smb2_negotiate_pidhigh.rb


	Logged

OSCP, OWSP, eCPPT

aweSEC

Hero Member

Offline

Posts: 1100

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #7 on: September 08, 2009, 02:20:05 PM »

Nice one.. wonder when first patch will be released..


	Logged

vijay2

Full Member

Offline

Posts: 220

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #8 on: September 09, 2009, 10:24:32 AM »

Apparently the bug is just for SMB v2 and you can disabled SMB v2 if you are not using it.

More info. on

http://www.petri.co.il/how-to-disable-smb-2-on-windows-vista-or-server-2008.htm

VJ


	Logged

GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

T3rm1ght

Newbie

Offline

Posts: 19

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #9 on: December 22, 2009, 12:40:18 PM »

Hi ALL,
i'm new to this security business, want i actually do is to secure peremeter devices with firewall but i think it's better to know the treats out there so i can really prepare. my question now is what do i do if i get the source code for this exploite and i want a prove of concept?
most of the source i see is in python and i don't know what to do. i run a linux box and mixture of windows pc's what do i need to compile a python source code.

thanks to anyone who helps and a merry christmas.
Perry


	Logged

Andrew Waite

Hero Member

Offline

Posts: 857

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #10 on: December 23, 2009, 04:34:26 AM »

Hi termight,

Python isn't compiled, but run on the fly. On Linux usual execution of a python script would be:
python sourceFile.py [parameters]
(assumes python is installed and binary is in your path)
or
./sourceFile.py [parameters]
(assumes you are in the same directory as the source file)

Hope this helps


	Logged

-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk

T3rm1ght

Newbie

Offline

Posts: 19

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #11 on: December 23, 2009, 05:14:33 AM »

Hi Andrew,
Thanks for the reply, just a clearification. i'm a fun of milw0rm.com i see alot of exploite there example. http://www.milw0rm.com/exploits/66
how do i compile this

thanks again


	Logged

Andrew Waite

Hero Member

Offline

Posts: 857

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #12 on: December 23, 2009, 08:16:12 AM »

The example you provide looks like it is C, so compiling with gcc would likely be the standard scenario. Plenty of resources to help you out here.


	Logged

-- http://www.infosanity.co.uk
-- http://blog.infosanity.co.uk

T3rm1ght

Newbie

Offline

Posts: 19

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #13 on: December 23, 2009, 08:39:04 AM »

thanks Andrew, you're the best.. Wink


	Logged

T3rm1ght

Newbie

Offline

Posts: 19

Re: 0Day PoC for SMB v2 bug in Vista / Windows 7 / Windows 2008 relaeased

« Reply #14 on: December 23, 2009, 08:58:18 AM »

Hey Andrew,
would you be my mentor in security,pentesting and defence. cos i really want to study. like i said before i'm into firewalls both ISA and Cisco ASA. currently i have MCSE Security,CCNP,CCDP,CCIE WRITTEN and i've scheduled my lab for April next year. but my problem now is i really LOVE security but netwoking is pulling me off.
The question i always ask is "after all this security crackers are still able to hack into networks" then why security, i'm even thinking there is nothing called security cos today you're secured tomorrow you are down. i've decided to do the OSCP and OSWP and forget about the CCIE. please advise me.

Thanks